
4 DEFINITIONS

SECURITY: Protecting the database from unauthorized access, alteration or deletion.
INTEGRITY: The accuracy and validity of the data.

5 THREATS TO SECURITY AND INTEGRITY

A threat is any situation, event or person that will adversely affect the security of the database and the smooth and efficient functioning of the organization. A threat to a database may be intentional or accidental. Some database security threats are:
- Data tampering
- Eavesdropping and data theft
- Falsifying users' identities
- Password-related threats
- Unauthorized access to data
- Lack of accountability

6 DEFENCE MECHANISMS

Generally four levels of defence are recognized for database security:
- Physical security
- Human factors
- Operating system
- Database system

7 DATA SECURITY REQUIREMENTS

The basic security standards which technologies can assure are:

CONFIDENTIALITY
- Access control: access to data is controlled by means of privileges, roles and user accounts.
- Authenticated users: authentication is a way of implementing decisions about whom to trust. It can employ passwords, fingerprints, etc.
- Secure storage of sensitive data: required to protect sensitive data from attackers who could damage it.
- Privacy of communication: the DBMS should be capable of preventing confidential personal information, such as credit card details, from reaching unauthorized people.

8 INTEGRITY

Integrity contributes to maintaining a secure database by preventing the data from becoming invalid and giving misleading results. It consists of the following aspects:
- System and object privileges control access to application tables and system commands so that only authorized users can change the data.
- Integrity constraints are applied to maintain the correctness and validity of the data in the database.
- The database must be protected from viruses, so firewalls and anti-virus software should be used.
- Access to the network is controlled and data is not vulnerable to attack during transmission across the network.

9 AVAILABILITY

Data should always be made available to authorized users by the secure system without any delay. Availability is often thought of as continuity of service, assuring that the database is available. Denial-of-service attacks are attempts to block authorized users' ability to access and use the system when needed. Availability has a number of aspects:
- Ease of use: resources managed by users for working with databases should be managed effectively so that they are available at all times to valid users.
- Flexibility: administrators must have all the relevant tools for managing the user population.
- Scalability: system performance should not be affected by an increase in the number of users or processes that require services from the system.
- Resistance: user profiles must be defined and the resources used by any user should be limited.

11 AUTHORIZATION

Authorization is the process of permitting users to perform certain operations on certain data objects in a shared database. For example, consider the authorization granted to a salesperson:

AUTHORIZATION   CUSTOMER RECORDS   ORDER RECORDS
READ            Y                  Y
INSERT          Y                  Y
MODIFY          Y                  N
DELETE          N                  N

where Y stands for YES and N stands for NO to authorization for the salesperson.

12 VIEWS

To explain the concept of a view, consider a bank clerk who needs to know the names of the customers of each branch but is not authorized to see specific loan information. The view is defined as follows:

    CREATE VIEW CUST_LOAN AS
    SELECT BRANCHNAME, CUSTOMER_NAME
    FROM BORROWER, LOAN
    WHERE BORROWER.LOAN_NO = LOAN.LOAN_NO;

Since the clerk is authorized to see this view, the clerk can execute a query against it to see the result:

    SELECT * FROM CUST_LOAN;

When the query processor translates this into a query on the actual base tables in the database, we obtain a query on the BORROWER and LOAN tables. The clerk's permission must therefore be checked on the view, before the query processor begins this translation.
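The following is an added example, not code from the slides, showing how the privilege matrix from slide 11 and the view from slide 12 fit together: a small authorization layer in Python over SQLite checks the privilege on the objects a statement names before the DBMS sees the query, so the clerk's query on CUST_LOAN is allowed even though the clerk holds no privilege on BORROWER or LOAN. The CUSTOMER and ORDERS tables, the sample rows and the statement classifier are assumptions made for the example (the classifier is a minimal regex, not a SQL parser).

```python
import re
import sqlite3

# Privilege matrix: (role, object) -> operations permitted on it.
# Constructed for this example: the salesperson row mirrors the table on
# slide 11 (CUSTOMER and ORDERS are assumed table names); the clerk may
# READ the CUST_LOAN view but has no privilege on its base tables.
PRIVILEGES = {
    ("salesperson", "CUSTOMER"): {"READ", "INSERT", "MODIFY"},
    ("salesperson", "ORDERS"):   {"READ", "INSERT"},
    ("clerk", "CUST_LOAN"):      {"READ"},
}

# Map each statement form to an operation in the matrix and a pattern that
# captures the object(s) it touches. Minimal on purpose: enough for the
# statements used here, not a full SQL parser.
STATEMENT_PATTERNS = [
    ("READ",   re.compile(r"^\s*SELECT\b.*?\bFROM\s+([\w\s,]+?)(?:\s+WHERE\b|;|$)", re.I | re.S)),
    ("INSERT", re.compile(r"^\s*INSERT\s+INTO\s+(\w+)", re.I)),
    ("MODIFY", re.compile(r"^\s*UPDATE\s+(\w+)", re.I)),
    ("DELETE", re.compile(r"^\s*DELETE\s+FROM\s+(\w+)", re.I)),
]

class AuthorizationError(PermissionError):
    pass

def classify(sql):
    """Return (operation, [object names]) for a statement, or raise ValueError."""
    for operation, pattern in STATEMENT_PATTERNS:
        match = pattern.search(sql)
        if match:
            objects = [part.split()[0].upper() for part in match.group(1).split(",")]
            return operation, objects
    raise ValueError("unsupported statement: " + sql)

def build_database():
    """Constructed sample data: two loans, two borrowers, and the CUST_LOAN view."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE CUSTOMER (CUST_ID INTEGER PRIMARY KEY, NAME TEXT);
        CREATE TABLE ORDERS (ORDER_NO INTEGER PRIMARY KEY, CUST_ID INTEGER);
        CREATE TABLE LOAN (LOAN_NO INTEGER PRIMARY KEY, BRANCHNAME TEXT, AMOUNT REAL);
        CREATE TABLE BORROWER (CUSTOMER_NAME TEXT, LOAN_NO INTEGER);
        INSERT INTO LOAN VALUES (1, 'Downtown', 5000.0), (2, 'Uptown', 12000.0);
        INSERT INTO BORROWER VALUES ('Alice', 1), ('Bob', 2);
        CREATE VIEW CUST_LOAN AS
            SELECT BRANCHNAME, CUSTOMER_NAME
            FROM BORROWER, LOAN
            WHERE BORROWER.LOAN_NO = LOAN.LOAN_NO;
    """)
    return conn

def run_query(conn, role, sql, params=()):
    """Check the role's privilege on every object the statement names, then execute.
    A query on CUST_LOAN is checked against the view itself, not against the
    base tables the query processor will later expand it into."""
    operation, objects = classify(sql)
    for obj in objects:
        if operation not in PRIVILEGES.get((role, obj), set()):
            raise AuthorizationError(f"{role} is not authorized to {operation} {obj}")
    with conn:
        return conn.execute(sql, params).fetchall()

def attempt(conn, role, sql, params=()):
    """Convenience wrapper: ('ok', rows) on success, ('denied', message) otherwise."""
    try:
        return "ok", run_query(conn, role, sql, params)
    except AuthorizationError as exc:
        return "denied", str(exc)

if __name__ == "__main__":
    db = build_database()
    print(attempt(db, "clerk", "SELECT * FROM CUST_LOAN;"))                        # ok
    print(attempt(db, "clerk", "SELECT AMOUNT FROM LOAN;"))                        # denied
    print(attempt(db, "salesperson", "INSERT INTO CUSTOMER VALUES (1, 'Acme')"))   # ok
    print(attempt(db, "salesperson", "DELETE FROM CUSTOMER WHERE CUST_ID = 1"))    # denied
```

The point of doing the check in `run_query` rather than after view expansion is the one the slide makes: once the view has been rewritten into BORROWER and LOAN, a check on the base tables would wrongly deny the clerk, or, if privileges were instead granted on the base tables, would let the clerk read loan amounts the view was meant to hide.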

14 CONSTRAINTS

- BUSINESS CONSTRAINTS: a value in one column may be constrained by the value of another column, or by some calculation or formula.
- ENTITY CONSTRAINTS: individual columns of a table may be constrained, e.g. NOT NULL.
- REFERENTIAL CONSTRAINTS: sometimes referred to as key constraints, e.g. table two depends upon table one.

15 BENEFITS OF USING CONSTRAINTS

Guaranteed integrity and consistency:
- Defined as part of the table definition
- Apply across all applications
- Cannot be circumvented

Application development and productivity:
- Require no special programming
- Easy to specify and maintain
- Defined once only
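As an added example (not from the slides), the schema below declares one constraint of each kind from slide 14 in SQLite and then shows what "cannot be circumvented" means in practice: every violating insert or update is rejected by the table definition, whichever application issued it. The CUSTOMER and ORDERS tables and the sample rows are constructed for this example.

```python
import sqlite3

# Constructed schema for this example (table and column names are assumed).
SCHEMA = """
CREATE TABLE CUSTOMER (
    CUST_ID      INTEGER PRIMARY KEY,
    NAME         TEXT NOT NULL,                            -- entity constraint
    CREDIT_LIMIT REAL NOT NULL CHECK (CREDIT_LIMIT >= 0)   -- entity constraint
);
CREATE TABLE ORDERS (
    ORDER_NO   INTEGER PRIMARY KEY,
    CUST_ID    INTEGER NOT NULL REFERENCES CUSTOMER (CUST_ID),  -- referential constraint
    QUANTITY   INTEGER NOT NULL CHECK (QUANTITY > 0),            -- entity constraint
    UNIT_PRICE REAL NOT NULL,
    TOTAL      REAL NOT NULL,
    CHECK (TOTAL = QUANTITY * UNIT_PRICE)   -- business constraint: TOTAL fixed by a formula
);
"""

def open_database():
    conn = sqlite3.connect(":memory:")
    # SQLite enforces REFERENCES clauses only while this pragma is on.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn

def attempt(conn, sql, params):
    """Run one statement; return None if it is accepted, else the violation message.
    The rule lives in the table definition, so it fires for every application
    path: there is nothing for the caller to forget or bypass."""
    try:
        with conn:
            conn.execute(sql, params)
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)

INSERT_CUSTOMER = "INSERT INTO CUSTOMER VALUES (?, ?, ?)"
INSERT_ORDER = "INSERT INTO ORDERS VALUES (?, ?, ?, ?, ?)"

def demo():
    """Constructed inputs, one per constraint; None means the row was accepted."""
    conn = open_database()
    return {
        "valid customer":      attempt(conn, INSERT_CUSTOMER, (1, "Acme", 1000.0)),
        "missing name":        attempt(conn, INSERT_CUSTOMER, (2, None, 500.0)),
        "negative limit":      attempt(conn, INSERT_CUSTOMER, (3, "Globex", -1.0)),
        "valid order":         attempt(conn, INSERT_ORDER, (10, 1, 2, 10.0, 20.0)),
        "unknown customer":    attempt(conn, INSERT_ORDER, (11, 99, 1, 10.0, 10.0)),
        "zero quantity":       attempt(conn, INSERT_ORDER, (12, 1, 0, 10.0, 0.0)),
        "wrong total":         attempt(conn, INSERT_ORDER, (13, 1, 3, 10.0, 25.0)),
        # the same rules apply to later modification, not only to insertion
        "update breaks total": attempt(conn, "UPDATE ORDERS SET QUANTITY = 5 WHERE ORDER_NO = ?", (10,)),
        "delete referenced":   attempt(conn, "DELETE FROM CUSTOMER WHERE CUST_ID = ?", (1,)),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20s} -> {'accepted' if outcome is None else outcome}")
```

Note the PRAGMA: unlike most DBMSs, SQLite ships with foreign-key enforcement off, so a referential constraint that is merely declared does nothing until each connection turns it on; that is exactly the kind of silent gap a practitioner checks for before relying on "cannot be circumvented".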

16 CONCURRENCY CONTROL

What is it? The coordination of simultaneous requests for the same data from multiple users.
Why is it important? Simultaneous execution of transactions over a shared database may create several data integrity and consistency problems.

17 THREE MAIN INTEGRITY PROBLEMS

- Lost updates
- Uncommitted data
- Inconsistent retrievals
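To make the first of these concrete, the following added example (not from the slides) reproduces a lost update with two connections to one SQLite file, then runs the same two withdrawals with each transaction taking the write lock before it reads, which is the coordination that concurrency control provides. The account table, the amounts, and the use of `BEGIN IMMEDIATE` with a zero lock timeout (so the blocked transaction fails at once instead of waiting) are choices made for this example.

```python
import os
import sqlite3
import tempfile

UPDATE_BALANCE = "UPDATE ACCOUNT SET BALANCE = ? WHERE ACC_NO = 1"

def fresh_account_db(path):
    """Constructed sample: a single account holding 100.0."""
    conn = sqlite3.connect(path)
    with conn:
        conn.execute("CREATE TABLE ACCOUNT (ACC_NO INTEGER PRIMARY KEY, BALANCE REAL)")
        conn.execute("INSERT INTO ACCOUNT VALUES (1, 100.0)")
    conn.close()

def connect(path):
    # isolation_level=None: no implicit transactions, so each statement commits
    # on its own unless we issue BEGIN ourselves. timeout=0: do not wait for a
    # lock; a conflicting writer fails at once with "database is locked".
    return sqlite3.connect(path, isolation_level=None, timeout=0)

def read_balance(conn):
    # fetchall() exhausts the cursor so the read lock is released immediately
    return conn.execute("SELECT BALANCE FROM ACCOUNT WHERE ACC_NO = 1").fetchall()[0][0]

def lost_update(path):
    """T1 withdraws 10 and T2 withdraws 20 as unprotected read-modify-write."""
    t1, t2 = connect(path), connect(path)
    b1 = read_balance(t1)                    # T1 reads 100
    b2 = read_balance(t2)                    # T2 also reads 100: nothing stopped it
    t1.execute(UPDATE_BALANCE, (b1 - 10,))   # T1 writes 90 and commits
    t2.execute(UPDATE_BALANCE, (b2 - 20,))   # T2 writes 80: T1's update is lost
    final = read_balance(t1)
    t1.close(); t2.close()
    return final

def serialized_update(path):
    """Same two withdrawals, but each transaction takes the write lock before reading."""
    t1, t2 = connect(path), connect(path)
    t1.execute("BEGIN IMMEDIATE")            # T1 holds the write lock from here on
    b1 = read_balance(t1)
    try:
        t2.execute("BEGIN IMMEDIATE")        # T2 must wait (here: fail) until T1 commits
        blocked = False
    except sqlite3.OperationalError:         # "database is locked"
        blocked = True
    t1.execute(UPDATE_BALANCE, (b1 - 10,))
    t1.execute("COMMIT")
    t2.execute("BEGIN IMMEDIATE")            # T2 retries once T1 has committed
    b2 = read_balance(t2)                    # and now reads the committed 90
    t2.execute(UPDATE_BALANCE, (b2 - 20,))
    t2.execute("COMMIT")
    final = read_balance(t1)
    t1.close(); t2.close()
    return final, blocked

def run(scenario):
    """Run a scenario against a fresh on-disk database (file locks need a shared file)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bank.db")
        fresh_account_db(path)
        return scenario(path)

if __name__ == "__main__":
    print("unprotected final balance:", run(lost_update))       # 80.0, but 70.0 was expected
    print("serialized final balance:", run(serialized_update))  # (70.0, True)
```

The interleaving is written out step by step rather than with threads so that the order of events is fixed and the lost write is visible every time; a real system with two clients simply has no guarantee which order it gets, which is why the lock has to be taken before the read, not after.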

18 DATABASE RECOVERY

The process of restoring the database to a correct state in the case of a failure, e.g.:
- System crashes
- Media failures
- Application software errors
- Natural physical disasters
- Carelessness

19 BASIC RECOVERY CONCEPTS

- Backup mechanism: makes periodic backup copies of the database.
- Logging: keeps track of the current state of transactions and of the changes made to the database.
- Checkpointing mechanism: enables updates to be made permanent.

20 The choice of the best recovery strategy depends upon the extent of the damage that has occurred to the database. If there has been physical damage, such as a disk crash, then the last backup copy of the data is restored. However, if the database has become inconsistent but is not physically damaged, then the changes that caused the inconsistency must be undone. It may also be required to redo some transactions so as to ensure that their updates are reflected in the database.
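The following added example (not from the slides) walks through both strategies from slides 19 and 20 with SQLite: a backup is taken, a transfer commits, a second transfer fails half-way and is undone by rollback, and after a simulated loss of the live database the backup is restored and the committed transfer is redone from a log. The accounts, amounts and the redo log (a plain Python list standing in for the DBMS log) are constructed for this example.

```python
import sqlite3

TRANSFER_OUT = "UPDATE ACCOUNT SET BALANCE = BALANCE - ? WHERE ACC_NO = ?"
TRANSFER_IN  = "UPDATE ACCOUNT SET BALANCE = BALANCE + ? WHERE ACC_NO = ?"

def make_database():
    """Constructed sample: two accounts."""
    conn = sqlite3.connect(":memory:")
    with conn:
        conn.execute("CREATE TABLE ACCOUNT (ACC_NO INTEGER PRIMARY KEY, BALANCE REAL)")
        conn.executemany("INSERT INTO ACCOUNT VALUES (?, ?)", [(1, 100.0), (2, 50.0)])
    return conn

def take_backup(conn):
    """Backup mechanism: a full copy of the database as it is right now."""
    copy = sqlite3.connect(":memory:")
    conn.backup(copy)
    return copy

def balances(conn):
    return dict(conn.execute("SELECT ACC_NO, BALANCE FROM ACCOUNT ORDER BY ACC_NO").fetchall())

def transfer(conn, redo_log, src, dst, amount):
    """One transaction. On failure the DBMS undoes the partial change (rollback);
    on success the transaction's parameters are appended to the redo log."""
    try:
        with conn:                       # commit on normal exit, rollback on exception
            conn.execute(TRANSFER_OUT, (amount, src))
            remaining = conn.execute(
                "SELECT BALANCE FROM ACCOUNT WHERE ACC_NO = ?", (src,)).fetchall()[0][0]
            if remaining < 0:
                raise ValueError("insufficient funds")   # the debit above is undone
            conn.execute(TRANSFER_IN, (amount, dst))
    except ValueError:
        return False
    redo_log.append((src, dst, amount))
    return True

def recover(backup, redo_log):
    """Physical damage: restore the last backup, then redo every transaction
    that committed after the backup was taken so their updates are not lost."""
    restored = sqlite3.connect(":memory:")
    backup.backup(restored)
    for src, dst, amount in redo_log:
        with restored:
            restored.execute(TRANSFER_OUT, (amount, src))
            restored.execute(TRANSFER_IN, (amount, dst))
    return restored

def demo():
    live = make_database()
    backup = take_backup(live)                     # periodic backup: 100 / 50
    redo_log = []
    ok1 = transfer(live, redo_log, 1, 2, 30.0)     # commits: 70 / 80
    ok2 = transfer(live, redo_log, 1, 2, 500.0)    # fails, rolled back: still 70 / 80
    after_rollback = balances(live)
    live.close()                                   # "disk crash": the live copy is gone
    restored = recover(backup, redo_log)           # backup + redo: 70 / 80 again
    return ok1, ok2, after_rollback, balances(restored)

if __name__ == "__main__":
    print(demo())   # (True, False, {1: 70.0, 2: 80.0}, {1: 70.0, 2: 80.0})
```

Restoring the backup alone would leave the accounts at 100 / 50, i.e. the committed transfer would vanish; the redo pass over the log is what brings the restored copy back to the state the database had at the moment of failure, which is the second case the slide describes.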
